Security for Content in the Workspace

                 

 
Special Edition Using Microsoft SharePoint Portal Server
By Robert Ferguson

Table of Contents
Chapter 11.  Planning and Managing Security


Within the workspace, security is configured at the folder and file level by users assigned the Coordinator role, or by a local administrator. The type of administration required for a given folder is determined by a combination of folder type, features used at the folder, and the process controls being employed.

Using Your Folder Hierarchy

The assignment of roles determines the "who," "how," and "where" of document security within the workspaceall of which should be reflected in the workspace's folder structure and the SharePoint Portal Server features being used. Examine your folder structure and identify any logical boundaries that distinguish groups of users and the role assignments they require. Identify logical groupings of documents by type, use, audience. In most instances, your folder hierarchy will separate documents into groupings that require similar security configurations.

Apply the required role assignments to a parent folder and propagate them throughout the folder tree. If any exceptions are required within that tree, drill down to that folder and change its configuration. When version controls or approval routing is needed, enable those features at a parent folder and nest subfolders with similar characteristics within it.

TIP

If you make changes to the security settings in a parent folder that need to be enforced in subfolders, be sure to select Reset All Subfolders and apply the changes to the folder hierarchy. Unless changes are propagated throughout the folder tree, only the parent folder will be affected.


Remember that all folders use the Reader, Author, and Coordinator roles to assign access permissions to documents and subfolders. Individual user or group access to a single document can be blocked with the Deny Access feature. Documents blocked for a user will not be visible in the folder, nor will they be listed in the results of a search. Any published document for which a user has at least Reader permissions and which is not blocked for that user will be visible when browsing the folder and will be displayed in search results.

Standard Folders

Standard folders are folders where enhanced folder features have been disabled. The most important distinction of a standard folder, from a security vantage , is that any document placed into the folder is automatically published within SharePoint Portal Server. If a user has been assigned at least a Reader role for the folder where a document resides, it will be visible to that user when browsing the folder, and will be displayed in any encompassing search results.

Since the only security setting available for a standard folder is role assignment, these folders are best used when document management requirements are at a minimum.

Enhanced Folders

Enhanced folders provide document management features for version control, document check-in/ check-out , and approval routing. When configuring security for an enhanced folder, remember that only security settings are inherited by subfolders unless inheritance has been disabled. While approvers and approval routes are copied to subfolders when they are created, changes in approval configuration at a parent folder are not inherited by subfolders. In order to change the approval configuration for subfolders, you must manually reconfigure each folder individually.

For more information on configuring folder settings, see Chapter 10, "Managing Folders and Documents."

Using "Hidden" Subfolders

Sometimes it is useful to create folders that are not visible to users browsing the workspace, but which contain documents that the user can access, given the specific folder location. This might be advantageous if users are needlessly browsing the workspace without cause, or if the folder structure implies information about the materials within the workspace that the Coordinator does not want to reveal. Recall that a folder is only visible to a user if that user has a role assigned to the folder, so if a user does not have a role assignment for the parent folder, the contents of the folder cannot be seen by browsing.

To "hide" a folder within the workspace

  1. Create a parent folder and ensure that the user is not included in the roles for the folder.

  2. Create a subfolder that you wish the user to have access to.

  3. Assign the user a role on the folder.

While the user will be unable to navigate to the subfolder through Windows Explorer, the subfolder can be accessed directly using its URL. Additionally, documents in the subfolder will be included in search results.

This security through obscurity method does not actually prevent access to obscured information; rather it reduces the ease of locating documents, and limits the ways in which users can find content within the workspace. When utilizing this configuration, take special care to ensure that subfolder role settings are reconfigured if any parent folder propagates any configuration changes.


                 
Top


Special Edition Using Microsoft SharePoint Portal Server
Special Edition Using Microsoft SharePoint Portal Server
ISBN: 0789725703
EAN: 2147483647
Year: 2002
Pages: 286

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net